Beware of malware sent to phone through SMS

The prosecution yesterday indicted and detained a group of four alleged scammers, all ethnic Korean Chinese, for spreading malware to random smartphone users via text message or SMS to swindle money out of them.

The practice, known as smishing, enabled them to pocket 20 million won ($18,580) from 105 victims in only three days.

Prosecutors estimated that the total amount stolen could surpass hundreds of millions of won.

The alleged ringleader is a Chinese person identified by the surname Li, who has not yet been arrested or indicted. Korean police have asked the Chinese police for assistance in hunting him down.

The scheme works by sending innocent smartphone owners a link via text message, which is identified as a wedding invitation or something equally innocuous. If the phone owner clicks the link, it directs their phone’s browser to a malicious Web site that infects the phone with malware. The malware is capable of mining the phone for personal information.

The personal information mined by the Korean-Chinese included account names and passwords for certain smartphone games and any information given when the person registered for those games. Armed with those details, the alleged scammers could pay for game “money” or points on the phone owner’s account.

They then exchanged the virtual money on the game site for gift certificates valid in Korea. In order to launder the ill-gotten gains one step further, the scammers swapped the gift vouchers for cash in China.

The Seoul Central District Prosecutors’ Office said that the four indicted suspects used Internet servers in Japan and China to avoid detection.

A growing number of smartphone users have fallen victim to SMS phishing in recent years. Aside from fake wedding invitations, the malicious text messages can be disguised as an invitation to a baby’s first birthday party, a breaking news alert, free tickets or a notice from a court. Clicking the link always leads to a Web site with the malware.

AhnLab, a leading security software company, said that it has detected 2,433 types of malware as of August, a drastic jump from 29 last year. The number of smishing-related Web sites blocked by the Korea Internet and Security Agency, a state-run Internet regulator, rose to 1,289 as of August from 17 last year.

Losses suffered from SMS phishing increased to 3.5 billion won as of July from 569 million won last year, according to data compiled by the National Police Agency.

Owners of phones running Google’s Android operating system are the main targets for the scammers. In Korea, there has been no reported case of an iPhone being infected by the smishing malware.

Security experts encourage smartphone users to install security software distributed by the KISA. The application is called Phone Keeper and is available at the Android app store.

BY LEE JEONG-BONG, PARK EUN-JEE [ejpark@joongang.co.kr]